Disable stargate queries

x/wasm/keeper/query_plugins.go

@@ -3,8 +3,6 @@ package keeper
 import (
 	"encoding/json"
 	"errors"
-	"fmt"
-	"strings"
 
 	"github.com/cosmos/cosmos-sdk/baseapp"
 
@@ -17,7 +15,6 @@ import (
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
 	distributiontypes "github.com/cosmos/cosmos-sdk/x/distribution/types"
 	stakingtypes "github.com/cosmos/cosmos-sdk/x/staking/types"
-	abci "github.com/tendermint/tendermint/abci/types"
 )
 
 type QueryHandler struct {
@@ -271,32 +268,9 @@ func IBCQuerier(wasm contractMetaDataSource, channelKeeper types.ChannelKeeper)
 	}
 }
 
-var queryDenyList = []string{
-	"/cosmos.tx.",
-	"/cosmos.base.tendermint.",
-}
-
 func StargateQuerier(queryRouter GRPCQueryRouter) func(ctx sdk.Context, request *wasmvmtypes.StargateQuery) ([]byte, error) {
 	return func(ctx sdk.Context, msg *wasmvmtypes.StargateQuery) ([]byte, error) {
-		for _, b := range queryDenyList {
-			if strings.HasPrefix(msg.Path, b) {
-				return nil, wasmvmtypes.UnsupportedRequest{Kind: "path is not allowed from the contract"}
-			}
-		}
-
-		route := queryRouter.Route(msg.Path)
-		if route == nil {
-			return nil, wasmvmtypes.UnsupportedRequest{Kind: fmt.Sprintf("No route to query '%s'", msg.Path)}
-		}
-		req := abci.RequestQuery{
-			Data: msg.Data,
-			Path: msg.Path,
-		}
-		res, err := route(ctx, req)
-		if err != nil {
-			return nil, err
-		}
-		return res.Value, nil
+		return nil, wasmvmtypes.UnsupportedRequest{Kind: "Stargate queries are disabled."}
 	}
 }
 

x/wasm/keeper/reflect_test.go

@@ -356,34 +356,6 @@ func TestReflectStargateQuery(t *testing.T) {
 	require.Equal(t, len(expectedBalance), len(simpleBalance.Amount))
 	assert.Equal(t, simpleBalance.Amount[0].Amount, expectedBalance[0].Amount.String())
 	assert.Equal(t, simpleBalance.Amount[0].Denom, expectedBalance[0].Denom)
-
-	// now, try to build a protobuf query
-	protoQuery := banktypes.QueryAllBalancesRequest{
-		Address: creator.String(),
-	}
-	protoQueryBin, err := proto.Marshal(&protoQuery)
-	protoRequest := wasmvmtypes.QueryRequest{
-		Stargate: &wasmvmtypes.StargateQuery{
-			Path: "/cosmos.bank.v1beta1.Query/AllBalances",
-			Data: protoQueryBin,
-		},
-	}
-	protoQueryBz, err := json.Marshal(ReflectQueryMsg{
-		Chain: &ChainQuery{Request: &protoRequest},
-	})
-	require.NoError(t, err)
-
-	// make a query on the chain
-	protoRes, err := keeper.QuerySmart(ctx, contractAddr, protoQueryBz)
-	require.NoError(t, err)
-	var protoChain ChainResponse
-	mustParse(t, protoRes, &protoChain)
-
-	// unmarshal raw protobuf response
-	var protoResult banktypes.QueryAllBalancesResponse
-	err = proto.Unmarshal(protoChain.Data, &protoResult)
-	require.NoError(t, err)
-	assert.Equal(t, expectedBalance, protoResult.Balances)
 }
 
 func TestReflectInvalidStargateQuery(t *testing.T) {
@@ -409,21 +381,42 @@ func TestReflectInvalidStargateQuery(t *testing.T) {
 	require.NotEmpty(t, contractAddr)
 
 	// now, try to build a protobuf query
+	protoQuery := banktypes.QueryAllBalancesRequest{
+		Address: creator.String(),
+	}
+	protoQueryBin, err := proto.Marshal(&protoQuery)
 	protoRequest := wasmvmtypes.QueryRequest{
+		Stargate: &wasmvmtypes.StargateQuery{
+			Path: "/cosmos.bank.v1beta1.Query/AllBalances",
+			Data: protoQueryBin,
+		},
+	}
+	protoQueryBz, err := json.Marshal(ReflectQueryMsg{
+		Chain: &ChainQuery{Request: &protoRequest},
+	})
+	require.NoError(t, err)
+
+	// make a query on the chain, should be blacklisted
+	_, err = keeper.QuerySmart(ctx, contractAddr, protoQueryBz)
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "Stargate queries are disabled")
+
+	// now, try to build a protobuf query
+	protoRequest = wasmvmtypes.QueryRequest{
 		Stargate: &wasmvmtypes.StargateQuery{
 			Path: "/cosmos.tx.v1beta1.Service/GetTx",
 			Data: []byte{},
 		},
 	}
-	protoQueryBz, err := json.Marshal(ReflectQueryMsg{
+	protoQueryBz, err = json.Marshal(ReflectQueryMsg{
 		Chain: &ChainQuery{Request: &protoRequest},
 	})
 	require.NoError(t, err)
 
 	// make a query on the chain, should be blacklisted
 	_, err = keeper.QuerySmart(ctx, contractAddr, protoQueryBz)
 	require.Error(t, err)
-	require.Contains(t, err.Error(), "path is not allowed from the contract")
+	require.Contains(t, err.Error(), "Stargate queries are disabled")
 
 	// and another one
 	protoRequest = wasmvmtypes.QueryRequest{
@@ -440,7 +433,7 @@ func TestReflectInvalidStargateQuery(t *testing.T) {
 	// make a query on the chain, should be blacklisted
 	_, err = keeper.QuerySmart(ctx, contractAddr, protoQueryBz)
 	require.Error(t, err)
-	require.Contains(t, err.Error(), "path is not allowed from the contract")
+	require.Contains(t, err.Error(), "Stargate queries are disabled")
 }
 
 type reflectState struct {